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(54) Distribution and management process and system for mobile terminals for use rights 
associated with a purchased content. 



(57) It permits carrying out the secure distribution 
and purchase on mobile terminals (2) of use rights files 
that are associated with a content included in a digital 
file. To do so, it uses the public and private keys con- 
ventionally granted to the devices, and consists of en- 
crypting a random session key by means of the public 
key of the smart card (1 1 ) conventionally included in mo- 



bile terminals (2). Furthermore, the use rights file is en- 
crypted with the random session key and it sends the 
encryptions to the mobile terminal (2) where the random 
session key is decrypted by means of the private key of 
the smart card (11), and the rights file is decrypted with 
the obtained random session key, the correct distribu- 
tion of the use rights file thus occurring. 
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Description 

OBJECT OF THE INVENTION 

[0001] The object of the invention concerning us is to 
provide a process and a device for mobile telephones 
in the mobile telephone network which permit carrying 
out the secure distribution and management of use 
rights associated with a purchased content, such that it 
prevents piracy and the acquisition of the contents in- 
cluded in digital files comprising different types of infor- 
mation of interest for the user, such as music, video, etc. 

BACKGROUND OF THE INVENTION 

[0002] The vertiginous development of new technol- 
ogies and the advance in the processing of digital infor- 
mation has opened a new horizon of possibilities in the 
business of creation, distribution and sale of contents 
stored in files containing information of interest for the 
user (music, video, etc.). 

[0003] The popularization of internet has enabled the 
instantaneous distribution of said contents at the same 
time that it facilitates the piracy thereof. 
[0004] These facts take on special relevance in the 
music industry with the emergence of the MP3 files for- 
mat, which enables maximum copying and distribution 
of music files with a sound fidelity comparable to that of 
compact discs. 

[0005] In the face of this drawback, several groups 
from the music industry and technological giants came 
together and created the Safe Digital Music Initiative 
(SDMI) for Digital Rights Management (DRM) and to 
protect artists and publishers from the dangers inherent 
to distribution on the internet, therefore, together with 
the digital files where the content is stored, a use rights 
file (voucher) must be purchased, by means of which 
use rights over said content are defined, it is therefore 
necessary for the distribution of said use rights files to 
be carried out securely to those users who have pur- 
chased a content, such that only this user can be the 
person who can access the content of the digital file by 
making use of the use rights file. 
[0006]. Technology has continued advancing, permit- 
ting the distribution and reproduction of contents to de- 
vices that are more and more varied and smaller. In this 
sense, mobile terminals, which are becoming more and 
more popular and have greater capabilities, take on spe- 
cial importance. 

[0007] There is no process and system in this sector 
permitting carrying out the secure distribution of use 
rights files, and which also associates said use rights 
files with the smart card that the operator provides the 
user when becoming a subscriber in the operator of the 
mobile telephone network and which must be included 
in the mobile terminal so as to permit making calls, such 
that it permits updating terminals without losing the pur- 
chased rights since these are associated with the card 



and not with the terminal. 
DESCRIPTION OF THE INVENTION 

5 [0008] To solve the aforementioned drawbacks, the 
invention provides a process and device which permit 
carrying out the secure distribution of use rights files de- 
fining the use of a content included in a digital file (such 
as music, video, etc.). 

10 [0009] The use rights file can be purchased independ- 
ently from the digital file storing the content, and the dis- 
tribution and proper reproduction of said content are not 
object of the present invention, but rather this is only 
concerned with proper distribution of the file of use rights 

15 that are associated with the digital right. 

[0010] To prevent the illegal distribution of contents, 
encrypting systems have been foreseen consisting of 
assigning a pair of keys constituted by a public key and 
a private key to each device, both being mathematically 

20 related, and the first one being known by the rest of the 
devices and the second one known only by the device 
in question. The private key never travels nor goes out- 
side of said device, such that for sending the contents, 
these are encrypted with the public key of the device, 

25 and they can only be decrypted by means of the private 
key of said device. 

[0011] These keys are assigned by certifying author- 
ities, among which there is a hierarchical relationship. 
In the case of smart cards, the manufacturers thereof 

30 are those who generate the private and public keys, re- 
cording the private key in the card and providing the pub- 
lic keys to the network operator buying the cards. 
[0012] Then, the process of the invention is charac- 
terized in that after receiving a purchase request of a 

35 use rights file, it comprises the following phases: 

generating a random session key and the use rights 
file; 

obtaining the public key of the smart card conven- 
40 tionally associated with the mobile terminal; 

encrypting the random session key with the public 
key of the smart card; 

encrypting the use rights file with the random ses- 
sion key; 

45 - sending the encryptions carried out to the mobile 
terminal, where they are received; 
decrypting, in the mobile terminal, the random ses- 
sion key by means of the private key of its smart 
card; and 

so - decrypting, in the mobile terminal, the rights file with 
the random session key obtained in the previous 
decryption to securely obtain said use rights file 
since the random session key can only be obtained 
by the one having the private key of the card of the 

55 mobile terminal, upon having been encrypted with 
the public key of the smart card of the mobile termi- 
nal, and therefore it is only permitted to decrypt the 
use rights file with the delivered session key, which 
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is also random, in other words, different for each 
distribution. 

[001 3] To permit obtaining the public key of the smart 
cards, said keys are stored in the use files server. 
[001 4] The process of the invention also foresees that 
after receiving a purchase request of a use rights file, 
the cost representing obtaining said use files is sent to 
the mobile terminal and acceptance is requested, as is 
conventionally carried out in other processes by means 
of mobile terminals: pre-payment or by means of de- 
ferred payment. 

[001 5] Furthermore, the process of the invention fore- 
sees carrying out a mutual identification process be- 
tween the mobile terminal and the use rights file server. 
[001 6] As was previously mentioned, the invention al- 
so consists of a system for mobile terminals which per- 
mits carrying out the distribution and management of 
use rights files associated with a purchased content, 
comprising a server provided with means for receiving 
a purchase request of a use rights file, means for gen- 
erating said use rights file. Each mobile terminal is pro- 
vided with a smart card that is provided with means for 
storing its own private key, to which a public key is also 
assigned. 

[001 7] The novelty of the device of the invention is de- 
termined by the fact that the server furthermore com- 
prises means for generating a random session key, 
means for storing the public key of the smart card of the 
mobile terminal, means for encrypting the random ses- 
sion key by means of the public key of the mobile termi- 
nal, means for encrypting the use rights file by means 
of the random session key, for sending the encrypted 
signals to the mobile terminal. These encrypted signals 
are received by the mobile terminal where the use rights 
file is decrypted, therefore said mobile terminal has 
means for decrypting the random session key by means 
of the private key of the smart card of the mobile terminal 
such that it obtains the random session key, and means 
for decrypting the use rights file by means of the ob- 
tained random session key, finally obtaining said use 
rights file. 

[0018] In smart cards with cryptographic capacities, 
the private key is stored in its WIM (Wireless Identifica- 
tion Module) application, foreseen for storing user keys 
and calculating and verifying digital signatures. 
[001 9] For ensuring the identity of the parties, the sys- 
tem of the invention foresees the mutual identification 
between the server and the mobile terminal under any 
of the established conventional processes for carrying 
out this function. Therefore, the decryption means are 
included in the smart card associated with each mobile 
terminal. 

[0020] Furthermore, and in correspondence with the 
described process, the system of the invention foresees 
the inclusion of the means conventionally included for 
verifying whether the user who downloads the use rights 
file has a balance to pay for the requested content, and 



in a negative case, it is not sent. 
[0021] In order to aid in better understanding this 
specification and forming an integral part thereof, a sin- 
gle drawing is attached below which shows the object 
5 of the invention with an illustrative and non-limiting char- 
acter. 

BRIEF DESCRIPTION OF THE DRAWING 



Figure 1 .- Shows a functional block diagram of a 
possible embodiment example of the system of the 
invention. 

DESCRIPTION OF THE PREFERRED EMBODIMENT 

[0023] A description of the invention based on the 
aforementioned drawing is made below. 
[0024] As previously mentioned, the system of the in- 
vention is provided for permitting securely carrying out 
the distribution of use right files associated with a digital 
file including a content of interest for the user, such as 
music, video, etc., and which specifies the conditions of 
use of said content, the content can therefore not be ac- 
cessed without the use rights file. 
[0025] Purchase of the use right file can be completely 
independent from the purchase of the digital file includ- 
ing the information content and purchased by the user, 
the distribution and reproduction of said content not be- 
ing the object of the invention, but rather the object is 
only focused on the proper distribution of the use rights 
file, as previously mentioned. 

[0026] To carry out the purchase of a use rights file, a 
request is submitted through any device, such as a per- 
sonal computer 1 or from a mobile terminal 2, which can 
be the user's own terminal or any other. 
[0027] The user makes the request of the use rights 
file from a WAP web, SMS or from any other one. 
[0028] The system of the invention is materialized in 
a server 19 which receives the request that is made, it 
therefore has a reception module 3 of the request made, 
which in the embodiment example foresees the inclu- 
sion of a mutual identification module 4 for mutually 
identifying the server 19 and the mobile terminal 2 to 
which the use rights file is sent for ensuring the authen- 
ticity of the server and of the mobile terminal. 
[0029] The mutual identification process can be any 
of those conventionally used in the state of the art for 
different applications, and it could even be unnecessary, 
as in the case when a request is made from a web page 
in the zone in which the mutual identification has been 
previously carried out. 

[0030] By way of example, a possible conventional 
mutual identification manner is described, consisting of 
sending an encrypted text from the mobile terminal 2 
with the public key of the server. At this point, it is im- 
portant to indicate that in the state of the art, as was 
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described in the section of the description of the inven- 
tion, each device is assigned a public and private key, 
wherein the public key is known by the different devices, 
and the private one is known only by the device in ques- 
tion, and all this such that the private key of each one 
of the devices never travels towards the remaining de- 
vices, and this key is used for decrypting the information 
that is encrypted with the public keys of the devices, 
such that only the messages can be decrypted with the 
private key of each device. Therefore, in the example 
concerning us, the server receives the message en- 
crypted with its public key and decrypts the message by 
means of its private key. Once it is decrypted, it encrypts 
the message again with the public key of the mobile ter- 
minal 2, which, in the specific embodiment example, us- 
es the public key of the smart card 11 that mobile termi- 
nals 2 need for being able to make calls, and which is 
purchased by the user when he/she subscribes to an 
operator of the mobile telephone network. The public 
key of the smart card 1 1 is stored in a database 8 of the 
server 19 to which the mutual identification module 4 
accesses. 

[0031] The mobile terminal 2 receives the encrypted 
message and passes it to the smart card 11 which, by 
means of its private identification key, decrypts the mes- 
sage and compares the message sent with the one re- 
ceived, such that if they coincide, the authentication of 
the server 19 is thereby carried out. 
[0032] Furthermore, the server 1 9 has a payment ac- 
ceptance module 5 which sends the cost of acquiring 
the use rights file to the user by means of his/her mobile 
terminal 2, which sends payment acceptance that is de- 
tected in the payment acceptance module 5, which ac- 
tivates a use rights file generator 6 which is also con- 
nected to the request reception module 3, such that 
when a use rights file request has been received and 
payment thereof has been accepted, the use rights file 
generator generates said file and sends it to a use rights 
file encryption module 10 with a random session key, 
the server 1 9 therefore includes a random session key 
generator 7 that is connected to the module 10 for car- 
rying out said encryption and sends it 16 to the mobile 
terminal 2. 

[0033] The database 8 is furthermore connected to an 
encryption module 9 of the random session key with the 
public key of the smart card 11 of the mobile terminal 2 
and sends 15 to the mobile terminal 2 said use rights 
file encrypted with the random session key. 
[0034] The mobile terminal 2 receives the encrypted 
signals 15, 1 6 and requests 1 7 the smart card 11 to de- 
crypt the random session key with its private key, the 
smart card 11 obtaining the random session key and 
sends it 1 8 to the mobile terminal 2, which decrypts the 
use rights file by means of said random session key 
since said use rights file was encrypted with the random 
session key, thus securely obtaining the use rights file. 
[0035] In a preferred embodiment of the invention, the 
WIM (Wireless Identification Module) application is used 



which is conventionally loaded in the smart card 11 and 
which has cryptographic capabilities. This WIM applica- 
tion is conventionally foreseen for storing private and 
public keys and calculating and verifying digital signa- 
5 tures. 

[0036] By way of example, the content could consist 
of downloading a CD-Rom, and the use rights file could 
indicate that it is only desired to hear its content three 
times, such that if, after hearing it three times, hearing 

10 it is of interest for the user, new rights could be bought 
to listen to the contents whenever desired, he/she would 
therefore have to download another rights file (voucher). 
[0037] The user must therefore have a mobile with a 
player which permits listening to the CD and the corre- 

15 sponding application which permits managing the use 
rights file according to the system of the invention, as 
has been described. Since the user has downloaded the 
content of the CD, he/she can buy the additional rights 
for this content without needing to download the entire 

20 CD again. 



Claims 

25 1. A distribution and management process for use 
rights associated with a purchased content for mo- 
bile terminals, wherein a purchase request of a use 
rights file is received which is associated with the 
purchase of a content included in a digital file, such 

30 that the digital file cannot be used without the use 
rights file, as the latter specifies the permitted use 
of the purchased content, the use rights file and the 
content file can be independently purchased; the 
process further comprising the use of the private 

35 and public keys granted by certifying authorities to 
the different devices for being able to encrypt and 
decrypt the signals exchanged between them, the 
private key being known only by each device and 
the public key by all of them; characterized in that 

40 after receiving said request, it comprises: 

generating a random session key and the use 
rights file; 

obtaining the public key of the smart card (1 1 ) 
45 which is conventionally associated with the mo- 

bile terminal (2); 

encrypting the random session key with the 

public key of the smart card (11); 

encrypting the use rights file with the random 

so session key; 

sending (15, 16) the encryptions carried out to 
the mobile terminal, the encryptions being re- 
ceived in the mobile terminal (2); 
decrypting, in the mobile terminal, the random 

55 session key by means of the private key of its 

smart card; and 

decrypting, in the mobile terminal, the rights file 
with the random session key obtained in the 
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previous encryption to obtain said use rights 
file. 

2. A distribution and management process for use 
rights associated with a purchased content for mo- 5 
bile terminals according to claim 1, characterized 

in that after receiving a purchase request of a use 
rights file, the cost representing obtaining said use 
rights file is sent to the mobile terminal and accept- 
ance is requested. 10 

3. A distribution and management process for use 
rights associated with a purchased content for mo- 
bile terminals according to claim 2, characterized 

in that the purchase of the content is selectively *5 
carried out by means of: pre-payment or deferred 
payment, after receiving acceptance confirmation. 



6. A distribution and management system for use 
rights associated with a purchased content for mo- 
bile terminals according to claim 5, characterized 
in that it comprises means (5) for verifying whether 
the user who is downloading the use rights file has 
a balance to pay for the requested content, and in 
a negative case, it is not sent. 

7. A distribution and management system for use 
rights associated with a purchased content for mo- 
bile terminals according to claim 5, characterized 
in that the mutual identification between the server 
(19) and the mobile terminal (2) is carried out. 



A distribution and management process for use 
rights associated with a purchased content for mo- 20 
bite terminals according to claim 1 , characterized 
in that a mutual identification process is carried out 
between the mobile terminal (2) and the server (1 9) 
of the use rights file. 

25 

A distribution and management system for use 
rights associated with a purchased content for mo- 
bile terminals, comprising a server (19) provided 

with means for receiving a purchase request of a * : 1 

use rights file associated with a content included in 30 \ 
a digital file, such that the digital file cannot be used 
without the use rights file, as the latter specifies the 
permitted use of the purchased content, being pos- 
sible to purchase the use rights file and the content 
independently; the mobile terminals (2) having a 35 
smart card (11) provided with means for storing a 
private key of its own to which a public key is also 
assigned, said public and private keys being grant- 
ed by certifying authorities for carrying out the en- 
cryption and decryption of the signals exchanged *o 
between different devices; characterized in that 
the server (1 9) comprises means (7) for generating 
a random session key, means (8) for storing the 
public key of the smart card (11) of the mobile ter- 
minal (2), and means (9) for encrypting the random 45 
session key by means of the public key of the smart 
card (11), means (10) for encrypting the use files by 
means of the random session key, sending (15, 1 6) 
the encrypted signals to the mobile terminal (2), 
which receives them and includes in its smart card so 
(11) means for decrypting the random session key 
by means of its private key to obtain said random 
session key, the mobile terminal (2) comprising 
means for decrypting the use rights file by means 
of the obtained random session key; all this so that 55 
the mobile terminal (2) obtains said use rights file 
after having made a purchase request of a use 
rights file. 
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